[pfx] Re: smtpd rate limiting

2023-10-03 Thread Viktor Dukhovni via Postfix-users 
On Tue, Oct 03, 2023 at 06:29:08PM -0400, Wietse Venema via Postfix-users wrote:

> > My first wild guess is setting in_flow_delay to a higher value might 
> > help.  Note this may be completely inappropriate for your specific 
> > application.
> > http://www.postfix.org/postconf.5.html#in_flow_delay
> 
> That, and reducinig the number of smtpd processes if the sender makes
> parallel connections.

When senders chronically exceed the available output bandwidth, rate
limits don't help.  They just create massive blockages upstream, that
will eventually cause large problems.

The only solution is to reduce the actual volume of messages originated,
or to be able to identify inadvertent floods, and park most of the
flood in a short-term quarantine (to be deleted after a sanity check).

The job is to identify the root cause, and adress that.

-- 
Viktor.
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: smtpd rate limiting

2023-10-03 Thread Wietse Venema via Postfix-users 
Noel Jones via Postfix-users:
> My first wild guess is setting in_flow_delay to a higher value might 
> help.  Note this may be completely inappropriate for your specific 
> application.
> http://www.postfix.org/postconf.5.html#in_flow_delay

That, and reducinig the number of smtpd processes if the sender makes
parallel connections.

Wietse
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: smtpd rate limiting

2023-10-03 Thread Noel Jones via Postfix-users 

On 10/3/2023 2:11 PM, Kevin C via Postfix-users wrote:

Hi Matthew, Hi Wietse,

Our postfix servers are only MTAs who transfer mails from internal IT apps to
end users over Internet. We don't receive mails from Internet.

Sometimes, an abnormal activity can fill active queue unitl it's full, and it
slow down all mail delivery. We had some rules to slow down delivery  to
specif destination, some other to send mail more quickly for others, and
remains with default smtp delivery configuration.


As a general rule, you want postfix to deliver as fast as possible. 
This may be limited by what the receiving system is willing to 
accept. For high volume to really slow destinations, it might be 
beneficial to setup another "slow" postfix box as a relay to keep 
the main queue moving quickly.


If you're using some kind of content filter, quite likely that's 
what is slowing things down. Work on getting the filter to process 
faster. Maybe you need more (or fewer!) processes, more memory, 
faster disks, or offload to more machines. You'll need to analyze to 
find the bottleneck.





I was wondering if we can rate limit connections to Postfix to reject mails if
active queue are full (I know postfix can accept mail to incoming queue when
active queue is full),  when a client send a unusual number of messages.


http://www.postfix.org/TUNING_README.html
http://www.postfix.org/STRESS_README.html
http://www.postfix.org/QSHAPE_README.html

My first wild guess is setting in_flow_delay to a higher value might 
help.  Note this may be completely inappropriate for your specific 
application.

http://www.postfix.org/postconf.5.html#in_flow_delay

There are also various limits described in 
http://www.postfix.org/TUNING_README.html#conn_limit
Note these limits are intended to limit attacks and not to regulate 
legit traffic, as any host slowed by these limits will likely see 
significant delays. But maybe that's what you need.




  -- Noel Jones
___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: smtpd rate limiting

2023-10-03 Thread Kevin C via Postfix-users 
Hi Matthew, Hi Wietse,  

Our postfix servers are only MTAs who transfer mails from internal IT apps to 
end users over Internet. We don't receive mails from Internet.

Sometimes, an abnormal activity can fill active queue unitl it's full, and it 
slow down all mail delivery. We had some rules to slow down delivery  to 
specif destination, some other to send mail more quickly for others, and 
remains with default smtp delivery configuration. 

I was wondering if we can rate limit connections to Postfix to reject mails if 
active queue are full (I know postfix can accept mail to incoming queue when 
active queue is full),  when a client send a unusual number of messages.

Regards

Kevin

Le samedi 30 septembre 2023, 05:24:57 CEST Matthew McGehrin via Postfix-users a 
écrit :
> I might had used the wrong terminology. I was mainly referencing delayed
> email that occurs with Grey listing. Most of the delay email for me is
> either Google or Yahoo.
> 
> Matthew
> 
> On 9/29/2023 7:40 PM, Wietse Venema via Postfix-users wrote:
> > Matthew McGehrin via Postfix-users:
> > Hi Kevin.
> > If the delays are being caused by bounce message processing, you could
> > Then you should configre Postfix to block undeliverable mail.
> > 
> > - Don't accept mail for non-existent recipients.
> > 
> > - Don't forward SPAM to other systems.
> > 
> > Wietse
> > 
> > ___
> > Postfix-users mailing list --postfix-users@postfix.org
> > To unsubscribe send an email topostfix-users-le...@postfix.org




___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Re: Separating logs for smtp and submission traffic

2023-10-03 Thread Markus Schönhaber via Postfix-users 

03.10.23, 17:50 +0200, Dennis Schafroth via Postfix-users:


Long time user of postfix and quite happy one.

However I have not found a postfix feature of separating logs of smtp (port 25) 
and submission (port 587).

My work-around is to link /usr/lib/postfix/sbin/smtpd to 
/usr/lib/postfix/sbin/submission and change master.cf to use submission.

This generates nice logs with   

Oct  3 16:52:53 nuc postfix/submission[3002042]: connect from e 
xample.com[x.x.x.x]

So while this works fine, but is there a postfix way to do this?


Yes, set syslog_name on the corresponding service in master.cf 
accordingly. Postfix, by default, comes with a master.cf where this is 
used for the (maybe commented) submission an submissions service entries:


submission inet n   -   n   -   -   smtpd
  -o syslog_name=postfix/submission
  [...]

--
Regards
  mks

___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

[pfx] Separating logs for smtp and submission traffic

2023-10-03 Thread Dennis Schafroth via Postfix-users 
Hi 

Long time user of postfix and quite happy one. 

However I have not found a postfix feature of separating logs of smtp (port 25) 
and submission (port 587). 

My work-around is to link /usr/lib/postfix/sbin/smtpd to 
/usr/lib/postfix/sbin/submission and change master.cf to use submission. 

This generates nice logs with   

Oct  3 16:52:53 nuc postfix/submission[3002042]: connect from e 
xample.com[x.x.x.x]

So while this works fine, but is there a postfix way to do this?

cheers,
:-Dennis


___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org